Jump to content

Very new at this and need coding help

Butler

By Butler
in PHP Coding Help

 Share

Recommended Posts

Butler Newbie

Butler

Posted
Posted

I am self taught and am trying very hard to get a log in page to work.

The way i want it to work is that when they log in it uses a url stored in the database for their account. But i am having some much trouble working out a code that works and this is all i got:

<?php

include ('connection.php');

 

$username=$_POST['username5'];

$password=$_POST['password5'];

 

      $query="SELECT password FROM merchants WHERE username = '$_POST(username5)'";

if ($password == $query)

{

$url = "SELECT url FROM merchants WHERE username = '$_POST(username5)'";

header("Location: $url");

}

else

{

echo urgh

}

?>

 

Link to comment
Share on other sites
Fadion Newbie

Fadion

Posted
Posted 
$username = mysql_real_escape_string($_POST['username5']);
$password = sha1($_POST['password']); //passwords should be hashed before inserted into a database for security reasons. Remove sha1() if you have not used hashing.

$results = mysql_query("SELECT url FROM merchants WHERE username='$username' AND password='$password'");
if (mysql_num_rows($results)) {
     $values = mysql_fetch_array($results);
     $url = $values['url'];
     header("Location: $url");
} else {
     echo 'Wrong data yo!';
}

Link to comment
Share on other sites
Butler Newbie

Butler

Posted
  • Author
Posted 

$username = mysql_real_escape_string($_POST['username5']);
$password = sha1($_POST['password']); //passwords should be hashed before inserted into a database for security reasons. Remove sha1() if you have not used hashing.

$results = mysql_query("SELECT url FROM merchants WHERE username='$username' AND password='$password'");
if (mysql_num_rows($results)) {
     $values = mysql_fetch_array($results);
     $url = $values['url'];
     header("Location: $url");
} else {
     echo 'Wrong data yo!';
}

I used your code but the on,ly thing is no matter if i put the right username and password or not it returns to be wrong and i dont know what hashed means

Link to comment
Share on other sites
Fadion Newbie

Fadion

Posted
Posted

In my code, just replace this line:

$password = sha1($_POST['password']);

 

with

$password = mysql_real_escape_string($_POST['password']);

 

Hashing is a way of storing encrypted passwords in the database. In that way, even if someone sees your user table, no actual password information will be shown. PHP has several methods of encryption, be it one-way or not. The function I suggested (sha1) is a one-way hashing algorithm that cannot be decrypted. You can just use hashes to compare and specify if provided passwords are correct.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.